Added support for encrypt-then-mac (EtM) MAC modes for SSH protocol 2. These modes alter the packet format and compute the MAC over the packet length and encrypted packet rather than over the plaintext data. These modes are considered more secure and are used by default when available.

Även så har OpenSSH implementerat stöd för GCM-AES:

GCM (Galios/Counter Mode) is a mode of operation that uses a universal hash function over a binary Galois field to provide authenticated encryption. The mode is defined in NIST’s SP 800-38D, and P1619. GCM is a high performance mode which offers both pipelining and parallelization

The authentication mechanism assumes that an attacker cannot calculate the HMAC. However, this assumption is broken because the two inputs used to calculate the HMAC (username and expiration) are not clearly delineated.

In cryptography, a keyed-Hash Message Authentication Code (HMAC or KHMAC), is a type of message authentication code (MAC) calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any iterative cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA-1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key and the size of the hash output length in bits.